4. One static, 1 dynamic address ...

One static, 1 dynamic address ...

  • O

    This question has been asked many times, but I have yet to see a concise and clear answer to it. Here is the situation.

    In Australia publicly route-able IP addresses for LTE services are :

    1 - Hard to get
    2 - Expensive
    3 - Add a LOT to latency as all traffic that uses them is routed via 1 exchange in Sydney irrespective of where you are in the country.

    So, for my site to site IPSEC VPN I have :

    Fixed IP for fibre connection into main office (SG3100 server lives here)
    10 LTE routers at remote sites, each with a dynamic, non-routable IP. So these clients need to be able to connect to the server. I'm 100% happy for the server to act as a responder only. I've done this before with cisco ASA etc so I know the LTE side is capable of it. I assume there must be a way for the pfsense to do the same thing ??

    Anyone have any insights. Please note the condition - DYNDNS at the LTE client cannot be part of the solution .

    0
  • O

    OK. For anyones interest this does work.

    1 - Turn off automatic firewall creation on the pfsense.
    2 - Set the wan address in phase 1 to 0.0.0.0
    3 - In phase 1 advanced select responder only.
    4 - Create any/any firewall rule in IPSEC rules.
    5 - Create UDP/500, UDP4500 and ESP all rules.

    And we have sucess, thanks in no small part to some very patient support staff.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy